This is the mail archive of the
mailing list for the Cygwin project.
Re: AVG scan found WIN-HEUR virus in cygwin install from aarnet ftp
- From: Erik Soderquist <ErikSoderquist at gmail dot com>
- To: "Justin S." <juszza at yahoo dot com>, cygwin at cygwin dot com
- Date: Wed, 16 Mar 2016 20:14:30 -0400
- Subject: Re: AVG scan found WIN-HEUR virus in cygwin install from aarnet ftp
- Authentication-results: sourceware.org; auth=none
- References: <412824260 dot 1534094 dot 1458171873522 dot JavaMail dot yahoo dot ref at mail dot yahoo dot com> <412824260 dot 1534094 dot 1458171873522 dot JavaMail dot yahoo at mail dot yahoo dot com>
On Wed, Mar 16, 2016 at 7:44 PM, Justin S. wrote:
> AVG anti-virus reported it found a virus in a Cygwin install pulled from aarnet on 8 Jan 2014.
> "";"Virus found Win32/Heur, C:\Users\justin\Desktop\ftp%3a%2f%2fmirror.aarnet.edu.au%2fpub%2fsourceware%2fcygwin%2f\x86\release\cygwin\cygwin-debuginfo\cygwin-debuginfo-1.7.27-2.tar.xz";"Secured"
> The AVG info on the reported virus is as follows:
> I think it has been lurking there for some time. You might want to check into it to make sure nothing has sneaked in.
Most likely a false positive. The "heur" part indicates it was
flagged by heuristic analysis rather than a known signature match.
I've had several false positives from anti-virus scanners because the
majority of Windows users simply don't do advanced computing, and so
anything that does is "unusual" at minimum.
I would start with comparing the signature of the downloaded file
against the same file downloaded from other trusted sources, and if
they match, submit to AVG as a likely false positive. If the
signatures don't match, try to contact the mirror's maintainer and let
them know about the signature mismatch and the AV flag so they can
check their mirror.
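
The comparison suggested in the reply above, as an added example that is not part of the original message: it hashes the flagged file and copies of the same file fetched from other sources, then reports whether they agree. Treating a SHA-512 digest as the "signature", and the file names, source labels and verdict strings, are assumptions of this example; the demo uses constructed stand-in files, not real Cygwin packages.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha512", chunk_size=1 << 20):
    """Hash a file in chunks so large package archives are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(flagged, references, algo="sha512"):
    """Compare the AV-flagged copy with copies of the same file from other sources.

    flagged: path of the flagged file; references: dict of source label -> path.
    Returns (verdict, digests), where digests maps each label to its hex digest.
    """
    digests = {"flagged": file_digest(flagged, algo)}
    digests.update({label: file_digest(p, algo) for label, p in references.items()})
    ref_values = {d for label, d in digests.items() if label != "flagged"}
    if not ref_values:
        return "no-reference", digests         # nothing to compare against
    if len(ref_values) > 1:
        return "references-disagree", digests  # fetch more copies before concluding
    if digests["flagged"] in ref_values:
        return "match", digests                # report to the AV vendor as a likely false positive
    return "mismatch", digests                 # tell the mirror's maintainer

def demo():
    """Run triage on constructed files: one identical copy, one altered copy."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            return path
        good = b"constructed package bytes\n" * 1000
        refs = {"mirror-a": write("a.tar.xz", good),
                "mirror-b": write("b.tar.xz", good)}
        same = triage(write("flagged.tar.xz", good), refs)[0]
        altered = triage(write("altered.tar.xz", good[:-1] + b"X"), refs)[0]
        return same, altered

if __name__ == "__main__":
    print(demo())
```
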